The Trojan Message Attack on the Pay-to-Public-Key-Hash Protocol of Bitcoin

Bitcoin is the first and seemingly the most successful cryptocurrency based in a peer-to-peer network that uses blockchain technology. Given Bitcoin's growing real-life deployment and popularity, its security has aroused more and more attention in both financial and information industries. As a body containing a variety of cryptosystems, Bitcoin may also suffer from cryptanalysis attacks. This paper focuses on one of such attacks: the Trojan message attack, and presents in detail how to conduct the attack according to the structure and workflow of the Pay-to-Public-Key-Hash protocol of Bitcoin. The attack aims at forging an upcoming transaction record and results from the fact that all users' candidate input transactions are open to the attacker. The construction of the attack employs a combination of the Bitcoin transaction structure with standard Merkle-Damgard extension vulnerabilities. The conclusion of the attack shows that both the mathematical structure of the hash function itself and the public information in the blockchain are important to the security of Bitcoin. These factors should be considered in the future for the design of other cryptocurrency and blockchain systems.